The Weekly Ink #31
THE WEEKLY INK
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate the company - and anyone else who will listen - on security happenings and culture.
If you have links or projects that you think would be interesting to the company, be sure to send them to firstname.lastname@example.org.
10.10, Take 3
Mac users, be sure to buckle your seatbelts and update your operating systems! Emil Kvarnhammar over at TrueSec had a nice writeup this week on a fairly critical privilege escalation in OS X. Dating back to 2011, the exploit would allow a user (or attacker) with access to an admin account to use escalate their access to root. Kvarnhammar points out that admin permission is not an especially high barrier in OS X, where the default use case is a single user system. Apple took a bit to patch the vulnerability, which is understandable given the necessary changes to the implementation of the underlying framework. Unfortunately for you Leopards and Lions out there, as only Yosemite is being patched. While this may seem like a niche exploit in terms of attack potential, coupled with one or two other exploits a potential attack could target large swaths of Mac users running older OS versions.
Dude, Where's My (Right to Brick My) Car?
Though every day is another day in court for the EFF, the advocacy group put out an appeal to the court of public opinion this week when it comes to the case of smart car tinkering vs the DMCA. In their brief, they discuss how automakers' push to enforce DMCA could hurt those trying to make (legal) modifications to code running in their vehicles (playing pirated music on the dashboard, because piracy!). The market for smart vehicles offers yet another intersection of the internet of
disappointment things and FUD arguments against exploration and personal modification. Kick-ass research on smart systems in cars like Charlie Miller and Chris Valasek's Defcon presentation has us excited for what researchers and hobbyists and l33t hackers can do to brick our friends' cars!
Cyber Terror on the Airwaves
This week, French network TV5 Monde had lost control of it social media accounts and websites to attackers claiming to be supporting ISIL (aka ISIS aka IS). The attackers coordinated a jamming of 11 of network's member stations. Politically motivated attacks of this sort of sophistication are not altogether uncommon and date back to the early 90's with many groups making political statements with site takeovers.
Shameless Plug? Shameless Plug!!
Here at Duo, we're interested in being good ambassadors of security culture. From time to time, we like to delve more deeply into the history and development of security. That inspired our series of posts this week. Come take a look at the evolution of security and how it was broken over time, starting with...castles?